The two 2017 search warrant applications discovered by Motherboard both deal with a scam where cybercriminals trick a victim company into sending a large amount of funds to the scammers, who are pretending to be someone the company can trust. The search warrants show that, in an attempt to catch these cybercriminals, the FBI set up a fake FedEx website in one case and also created rigged Word documents, both of which were designed to reveal the IP address of the fraudsters. The cases were unsealed in October.

The warrant application [PDF] in one case seeks permission to use an NIT (Network Investigative Technique) to expose identifying information about a targeted device/computer. This warrant request -- relying on recent changes to jurisdictional limitations -- says the NIT deployment was necessary because the FedEx impersonation failed to obtain usable IP address info thanks to the target's use of a VPN to access the impersonated site.

On July 25, 2017, FBI Buffalo, Rochester Resident Agency purchased the domain www.fedextrackingportal.com and developed the website www.fedextrackingportal.com/apps/us-en/tracking.php?action=track&trackingnumber=731246AF7684. The website was created with the message "Access Denied, This website does not allow proxy connections" error message when accessed. The website was created to capture the basic server communication information, as IP Address date and time stamp, and user string when the website was accessed. No malware or computer exploit was deployed in the development of the website; the only information captured in the webserver logs was unencrypted basic network traffic data identified above.

The IP addresses trapped with this ruse traced back to ExpressVPN, necessitating the technique described in this warrant application: a malicious email attachment.

The deployment of the NIT will occur through email communications with the TARGET USER, with consent from the victim company, Gorbel, and the Accounts Payable manager Belt. The FBI will provide an email attachment to the victim which will be used to pose as a screen shot of the FedEx tracking portal for the sent payment. The FBI anticipates the target user, and only the target user, will receive the email and attachment after logging in and checking emails. The subject will download the attachment which will deploy a technique designed to identify basic information of the TARGET location. [...] For the email attachment approach, the FBI will use a document with an embedded image requiring the computer to navigate outside the proxy service in order to access the embedded item.

A second warrant application dug up by Motherboard details pretty much the same process: an NIT deployed via email attachment to force the target to relinquish identifying info like IP addresses and device information. The twist in the second application is that the malicious embed (an image contained in a Word document) would require the recipient to turn off "Protected Mode" to open the attachment. Simply harvesting info from an end user is one thing. Having them perform an action on their end to give the government access to their computer is another. "In an abundance of caution," the FBI requested a warrant, even though the application makes it clear the FBI believes it shouldn't need a warrant to force targeted devices to give up potentially-identifying info.
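A defender's view of the attachment technique described above, as an added example that is not taken from the warrant applications or the original post: a scanner that lists every remote resource a .docx file references. It assumes the remote image is referenced through an OOXML external relationship (the applications do not say how the FBI's document was built); the sample document, hostnames and function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Namespace used by every OOXML relationship (*.rels) part.
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


def host_of(target):
    """Extract the remote host from a URL or a UNC path (\\\\host\\share\\...)."""
    if target.startswith("\\\\"):
        return target[2:].split("\\", 1)[0].lower()
    return urlsplit(target).hostname or ""


def scan_docx(data):
    """Return one finding per relationship that points outside the package.

    kind is "on-click" for hyperlinks (the user must follow them) and
    "auto-load" for everything else (images, templates, frames), which is
    the class that can cause a network request when the document is rendered.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for part in sorted(n for n in zf.namelist() if n.endswith(".rels")):
            xml = zf.read(part)
            # OOXML parts must not carry a DTD; refuse to parse one.
            if b"<!DOCTYPE" in xml.upper():
                findings.append({"part": part, "kind": "rejected-dtd",
                                 "rel_type": "", "target": "", "host": ""})
                continue
            for rel in ET.fromstring(xml).iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                target = rel.get("Target", "")
                kind = "on-click" if rel_type == "hyperlink" else "auto-load"
                findings.append({"part": part, "kind": kind,
                                 "rel_type": rel_type, "target": target,
                                 "host": host_of(target)})
    return findings


def build_sample_docx():
    """Constructed sample: one embedded image, one remote image, one hyperlink."""
    base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    pkg = "http://schemas.openxmlformats.org/package/2006/relationships"
    doc_rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{pkg}">'
        f'<Relationship Id="rId1" Type="{base}/image" Target="media/image1.png"/>'
        f'<Relationship Id="rId2" Type="{base}/image" TargetMode="External" '
        'Target="https://tracker.example.invalid/pixel.png?id=1"/>'
        f'<Relationship Id="rId3" Type="{base}/hyperlink" TargetMode="External" '
        'Target="https://www.example.com/"/>'
        "</Relationships>"
    )
    root_rels = (
        f'<Relationships xmlns="{pkg}">'
        f'<Relationship Id="rId1" Type="{base}/officeDocument" '
        'Target="word/document.xml"/></Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("_rels/.rels", root_rels)
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", doc_rels)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_docx(build_sample_docx()):
        print(finding)
```

An "auto-load" finding whose host is not one the recipient expects is the signal to examine before the file is opened with editing enabled.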

The impersonation of FedEx may be novel, but the FBI's use of NITs began well before its extrajurisdictional searches were codified by Rule 41 changes. NITs have been in the FBI's toolkit for most of this decade. Here's a 2012 application and returned warrant showing the FBI using an NIT to obtain IP addresses and device info to locate a wanted felon using an email address the agency believed belonged to the target.

The FBI's impersonation of people, places, and things is likely just as widespread, even if the rules (very loosely) governing this investigative technique suggest it shouldn't be. FedEx may have questions about the FBI's use of its name to obtain IP addresses from criminal suspects, but so far, it hasn't commented on the news. What's seen in these applications suggests some care is being taken to avoid sweeping up innocent internet users, but there's only so much that can be implied from this very small sampling of federal investigative activity.

from the [extremely-Montgomery-Burns-voice]:-'Con-sti-tu-tion???' dept

This case, coming to us via Andrew Fleischman, would be Keystone-Cops-comical if it weren't such a hideous example of law enforcement using someone's rights as a doormat. What began as a 911 call for assistance with an unresponsive infant soon devolved into a full-blown search of a house by several officers without a single warrant between them.

Arielle Turner was indicted by a grand jury for the death of her infant. That's gone now, thanks to the careless, self-destructive actions of the officers at the scene. All evidence obtained during the unlawful search has been suppressed, with this Georgia Supreme Court ruling [PDF] upholding the lower court's decision.

Arielle and her mother, Terry Turner, called 911 to report her 10-week-old baby was unresponsive. EMTs arrived and began treating Turner's daughter before taking her (and Arielle) to the hospital. The child's grandmother remained at home.

The first officer to arrive was Joseph Wells who comforted Terry Turner while standing on the porch. Terry invited Officer Wells to come in and sit down because her legs were starting to hurt. They sat and conversed. Detective Victoria Bender arrived shortly thereafter, letting herself in through the open front door. Neither of these two officers performed any searches or seized any property.

Over at the hospital, an examination did not turn up any signs of abuse or foul play. Investigators believed the infant's death to be accidental. This information was relayed to Detective Bender, who passed it on to Terry Turner. Either something got lost in translation or the officers already on the scene decided to make a command decision. Suddenly, the home they were already in was declared a crime scene, despite there being no evidence of foul play.

Once that happened, the floodgates opened. From the decision:

Shortly thereafter, more officers arrived, including a crime scene investigator who, at some point, began photographing the residence. Detective Bender started questioning Terry about the events leading up to the infant’s death and asked Terry to “take her around and tell [her] what went on last night.” Terry testified that she did not consent to the officers entering or searching her home, and she explained that she did not stop the officers because Detective Bender “just told me that’s what they was [sic] supposed to do.”

As to the sudden unexplained presence of a crime scene investigator, the court has this to say about the spotty testimony offered by other officers named in the lawsuit:

At the motion hearing, none of the law enforcement officers could explain how the crime scene investigator was notified or who summoned him to the scene, and the State did not call him as a witness at the hearing.

Another officer brought Arielle Turner back to her house full of cops. About that same time, the county coroner arrived. The coroner also decided to engage in a warrantless search, which included recording some video with his cellphone. Officers seized pretty much anything baby-related and took it to the sheriff's office.

All the assembled officers believed they had a right to do this under state law. Supposedly the state's Death Investigation Act trumps the US Constitution.

At the hearing on Appellee’s motion to suppress, all of the testifying officers confirmed that they did not obtain a search warrant, that they did not have probable cause to search the house, that they did not ask for permission to search the home, and that they did not believe a crime had occurred when the search of the home took place. Instead, the officers and Alcarez explained that their investigation was done pursuant to Georgia’s Death Investigation Act. See generally OCGA § 45-16-20 (2015) et seq. In total, law enforcement remained in Appellee’s home for approximately three hours questioning witnesses, searching, photographing and videotaping the home, and seizing evidence.

The government tried to argue consent was given for a search. Supposedly, Terry Turner's request that one officer (who never performed a search) come in and sit down was a permission slip for several officers to search the entire house and seize multiple items for the next three hours. The court says the law (and the Constitution) simply does not permit this interpretation.

Here, a reasonable officer would understand that Terry’s invitation for Wells to enter her kitchen was not consent for additional officers to conduct a search of the home.

The court goes on to note there was no consent, not even tacitly. If anything, Terry Turner was unaware of her rights and no officer on the scene felt compelled to obtain actual consent when it was far easier to just act like everything was being done by the book.

The record further supports the trial court’s finding that Terry merely acquiesced to the authority of the officers. The record reflects that, after the child was pronounced dead, numerous members of law enforcement responded to the Turner residence in order to investigate the death of the child without probable cause, without a search warrant, and without even a suspicion that a crime had been committed. The officers admitted at the hearing that they did not ask Terry for consent to search the home, to take photographs or video, or to remove any items from the residence. Despite this, at least four members of law enforcement, including a crime scene investigator (whose presence, astoundingly, no one can explain) participated in a search of Appellee’s home.

Law enforcement had the knowledge and the power. The officers chose to only use the latter. A deliberate misreading of the situation turned into a playground for unconstitutional behavior. At any point, the search could have been stopped and the damage mitigated by a warrant request. Instead, cops took the inch Turner gave and stretched it into a country mile. And they used all this ill-gotten evidence to cook up a case against the infant's mother, even after hospital personnel stated they saw no indications of abuse or foul play.

This is the government at its ugliest -- willfully abusive and meaninglessly punitive. Hopefully this suppression of evidence will result in better behavior, but the past has shown law enforcement officers are slow learners. Why play by the rules when rolling the federal court dice still pays off regularly?

from the an-affidavit-needs-to-be-more-than-a-sketchy-conspiracy-theory dept

The "good faith" exception can be difficult to overcome. Courts seem willing to grant the government this Fourth Amendment workaround even when it seems apparent the government operated in bad faith.

Take, for instance, the FBI's Playpen investigation. On the strength of a single warrant issued in Virginia, the FBI, in essence, searched computers all over the nation (and all over the world) to extract identifying info about the devices' users. Even when courts found the warrant to be invalid because of its blatant disregard for jurisdictional limitations (warrants can only be executed in the district they're issued), they still granted the government "good faith" because the FBI agent had relied on the judge's approval of the warrant to execute the search.

But this was happening while the FBI was petitioning the rest of the government to remove jurisdictional limitations with amendments to Rule 41. So, this warrant was obtained while limits the FBI wanted lifted were in place, but its execution took place before the limits were lifted. Somehow, this was still considered "good faith," even if those overseeing the warrant and investigation knew the FBI planned to violate jurisdictional limitations with the deployment of its PII-scraping malware.

This is only a small part of the federal court system's deference to law enforcement. "Good faith" is supposed to be the exception, not the rule, but hundreds of court rulings on evidence suppression bend over backwards to view law enforcement actions in the best possible light, even as evidence mounts outside the court system that American policing is frequently unconstitutional, if not outright corrupt.

When you see a court actually reject the government's "good faith" advances, you can be certain law enforcement has screwed up severely. This case, brought to our attention by the Sixth Circuit Blog, is one of those exceptional strippings of a Fourth Amendment exception.

In this decision [PDF], the Sixth Circuit Appeals Court upholds the lower court's suppression of evidence. The Akron PD engaged in a lengthy drug investigation, but decided to take a few shortcuts to search a residence it vaguely speculated might be related to the drug dealer they were pursuing. The connective tissue of the warrant tore immediately upon judicial inspection. The supposed probable cause for an extensive, broad search of a residence? One time the guy they were surveilling parked his car in the driveway.

The target of the investigation was Camiolo Rocha-Ayon Jr. The rest of this is related to Carl Tucker -- the person challenging the evidence's legal origins -- in ways only clear to the officer requesting the warrant.

Akron Police Department Detective M.V. Gilbride sought a records-and-documents search warrant for the Saxon Avenue house. Citing his training and experience, as well as his observations on February 17, 2017 at 791 Saxon Avenue, Gilbride hypothesized that Rocha-Ayon had traveled to the residence “to collect drug proceeds from TUCKER to pay for [an] upcoming delivery of cocaine.” He further speculated that “a portion of the cocaine seized” from Rocha-Ayon was intended for Tucker, that “at least a portion of the currency recovered” from Rocha-Ayon was obtained from Tucker on February 17, and that Rocha-Ayon had purchased the vacuum sealer and bags on February 17 to conceal the odor of the currency that he was obtaining from Tucker, in the event that he was stopped by a K-9 unit during his return trip to Canal Winchester. Detective Gilbride attempted to bolster his conclusions by noting that the Summit County, Ohio Auditor’s Office listed Tucker as the owner of 791 Saxon Avenue; that Tucker was the account holder for the residence’s electric utilities; that the Akron Police Department had received a service call in October 2016, which suggested that drug dealing was occurring at the house; that, inter alia, Tucker had been convicted in 2000 for possession with intent to distribute crack cocaine; and that the affidavit had been presented to and approved by “the Akron Police Legal Advisor.”

Having perused Detective Gilbride's speculative affidavit, a local judge granted the Akron PD the permission to seize:

So, based on the observation a drug suspect once parked in the driveway of a house owned by someone else, the PD was given free rein to seize everything in the house (if not the house itself, because, you know, "transfer/concealment/expenditure of money").

Then the government obtained a second warrant after finding a utility bill with Tucker's name on it listing an address on Penguin Ave. [Keep in mind, the supposed target of this investigation is still Rocha-Ayon, who once parked in the driveway of the Saxon Ave. residence.] This affidavit copy-pasted the Saxon Ave. speculation and dragged in a completely unrelated service call from the Akron PD to the Penguin Ave. address for a domestic dispute involving Tucker. This warrant was approved as well.

The lower court said the Saxon Ave. warrant (the first one obtained) was so bare bones it could not possibly justify a search. And if that warrant was bad, it invalidated the second warrant because that one was largely based on evidence recovered during the first invalid search.

The appeals court agrees. And in doing so, it provides a crystal clear description of a "bare bones" warrant -- the kind that can't be salvaged by "good faith" pleas from the government. It also points out officers utilizing warrants like these terrible ones cannot expect a judge's signature to save them from their own better judgment.

Broadly speaking, an officer’s reliance on a search warrant is not objectively reasonable where “a reasonably well[-]trained officer would have known that the search was illegal despite the magistrate’s authorization.” One such situation is where the affidavit is “bare bones,” i.e., is “so lacking in indicia of probable cause as to render official belief in its existence entirely unreasonable.”

Everything about the Saxon Ave. warrant was garbage. And everything arising from that one -- the Penguin Ave. warrant -- is just more garbage. Here's the PD's bare bones warrant, stripped of its boilerplate and CopSpeak, bleeding to death in the harsh light of judicial examination.

The Saxon Avenue affidavit is a prototypical example of a bare-bones affidavit. Stripped down to its basics, the affidavit asserts that evidence of drug trafficking would be found at the Saxon Avenue residence because (1) a suspected drug dealer once parked in the driveway for a brief period of time, (2) the house’s owner had a 17-year-old conviction for possession with intent to distribute, and (3) a four-month-old, seemingly unverified, apparently anonymous tip suggested that drug dealing may have occurred there.

The court then drags the government's arguments on behalf of its terrible warrant into the same light and lets them soak in their own shame.

The government attempts to resist this conclusion by pointing to additional, allegedly “critical” facts contained in the Saxon Avenue affidavit. Specifically, the government notes that when Rocha-Ayon visited the residence, he was driving a car that he sometimes—but not always— used in connection with drug trafficking; that prior to his arrival on February 17, Rocha-Ayon stopped to purchase household items that are sometimes—but not always—used by drug traffickers; and that two days later, Rocha-Ayon was arrested 135 miles away while transporting cocaine. Based on these additional facts, the government claims that a reasonable law enforcement officer could “easily infer” that “ROCHA-AYON JR. [had] traveled to 791 Saxon Avenue on February 17, 2017 to collect drug proceeds from TUCKER to pay for the upcoming delivery of cocaine…"

If that's the argument the government wants to make, the court will let it. But all it does is show the officer involved in obtaining this warrant is either incredibly poorly trained or an idiot.

Contrary to the government’s assertion, no reasonably well-trained officer could draw such conclusions based upon the particularized facts in the affidavit…

Building another warrant on the skeletal framing of the first bad warrant can't save the second warrant. The court discusses the issue, but points out it doesn't even need to reach a "good faith" decision on the second warrant. It clearly sprang from the first invalid warrant/search and is similarly nothing but unconstitutional garbage. Evidence obtained from both searches is suppressed, leaving the government with its original investigation target -- the one they arrested 135 miles away from the residences searched, at only one of which the suspect had once parked his car.

It's an exception to the rule that's actually supposed to be an exception. Only the worst law enforcement actions are refused the GFE pass for the halls of justice. This isn't a win for the Fourth Amendment. It's just one of the few times the government's disregard for civil liberties actually results in suppressed evidence.

from the there-is-no-'going-dark,'-I-guess? dept

The Supreme Court's Riley decision made one thing clear: cellphones are not to be searched without a warrant. Somehow, the Georgia Court of Appeals has reached a different conclusion than the Supreme Court of the United States, even as it cites the ruling. [h/t Andrew Fleischman]

It's a decision [PDF] that's decidedly law enforcement-friendly. And it's one that will pair nicely with the FBI's overblown "going dark" assertions. An arrested individual requested his phone so he could retrieve a phone number to give to the officers questioning him. Here's what happened once he had retrieved that info.

Once [Stephens] unlocked his phone, got the information that he needed, the phone was recovered from [Stephens] at that point. It had not locked out, and having the open pass code at that point, . . . I took the phone down the hall to one of our investigators that’s tech savvy and asked him to plug the phone in and do a phone dump, dump the information without reviewing the information and without advising me of anything if he even got anything off of the dump, that the purpose would be for me to be able to obtain a search warrant for the content of the phone. The experience we have is if the phone goes back to password protection, we’re not able to get into it.

A warrant was sought after the data had already been downloaded. Included in the data dump were photos of a gun prosecutors introduced as evidence. The suppression motion challenged the warrantless search. The lower court found a warrant should have been obtained before the data dump began.

The trial court recognized that Stephens had “a right to privacy in the contents of his cell phone,” and also further acknowledged that per Riley v. California, __ U. S. __ (134 SCt 2473, 189 LE2d 430) (2014), “the police may no longer, without a warrant, search such a phone when seized from an arrestee.”

But it also found the officers had a justifiable excuse for the warrantless data grab.

The trial court, however, found that post Riley, “[e]xigent circumstances – such as the risk of imminent loss of data through a remote wipe of the phone – can justify a warrantless search of a seized cell phone.” And, similarly, according to the trial court, police may “take steps to preserve the digital evidence stored in a cell phone while awaiting judicial authorization to search that evidence.” The trial court held that the measure taken here by police of downloading or “dumping” the contents from Stephens’s cell phone without looking at the contents, was permissible under Riley as a “protective step, taken solely to preserve evidence the detective reasonably believed could be destroyed.”

The appeals court sees the trial court's interpretation of Riley and raises.

Here, pretermitting whether the trial court correctly found that the warrantless downloading of the contents of Stephens’s cell phone was permissible under the exigencies exception to the Fourth Amendment, we hold that even if an unlawful search occurred, the evidence acquired from the downloading was admissible under the independent source doctrine.

[...]

Thus, even assuming that the initial downloading was an unconstitutional search, the information subject to the motion to suppress was obtained through the execution of a valid search warrant.

There you have it: two exceptions to the bright line drawn by the Supreme Court. Riley said warrants are needed to search cellphones. The Georgia Appeals Court agrees, but holds that as long as a warrant is obtained at some point in time, the search can happen prior to the acquisition of a warrant.

In this particular case, there appears to be minimal intrusion. The information used during the trial wasn't acquired until after a search warrant was obtained, at least according to officers' testimony. But allowing searches to take place prior to the acquisition of a warrant encourages bad behavior -- like checking out data dumps for evidence first and building a warrant request around that, rather than the facts known to officers prior to the (warrantless) search.

It also encourages fishing expeditions because a warrantless search has no boundaries. Warrant requests and the judges that approve them set the limitations on the scope of searches, restricting them to only evidence relevant to the criminal allegations laid out in the affidavit. Working backwards from a search to a warrant means the government can redraft its warrant request prior to delivering it to a judge if it sees something else that might make for a better prosecution.

In this case, no search of the data dump occurred before the warrant arrived. That's good but it's not exactly Riley. Exigent circumstances could theoretically apply to any case involving a phone with a passcode, eliminating the warrant requirement and turning it into an afterthought. "Independent source" does the same thing, granting forgiveness for the constitutional violation as long as a warrant is sought post-search. This hole in Riley is somewhat narrowed by the court noting the warrant request wasn't based on any info derived from the data dump. But that only applies to the specifics of this case and that assumes officers won't lie about the chain of events or engage in parallel construction.

It also invites officers to use the "going dark" theory of unbreakable encryption to claim exigent circumstances guide phone searches, rather than the warrant requirement SCOTUS handed down. With cellphone encryption, any momentarily-unlocked phone creates a convenient "exigent circumstance" that's unlikely to be seriously challenged by courts. Even if other tools and workarounds can be used to crack a locked phone, one temporarily free of roadblocks will be searched to ensure maximum operational efficiency, rather than adherence to the Fourth Amendment as defined by the Riley decision.

This is a bad call by the Appeals Court. It could have found a way to deter future abuse without actually suppressing the evidence. Instead, it gave Georgia law enforcement a road map for warrantless phone searches.

from the I'll-show-you-mine-if-you-show-me-your-[warrant] dept

The Supreme Court's ruling in the Carpenter case came as something of a surprise. The nation's courts seemed unwilling to start paring back the Third Party Doctrine, but the expansion of people's digital footprints following the widespread adoption of smartphones proved to be too big to ignore. The ruling was narrow -- finding only that the acquisition of historical cell site location info (CSLI) was a search under the Fourth Amendment -- but it possibly contains broader applications.

The way it stands now, law enforcement needs a warrant to collect CSLI from cell service providers -- the first hole that's been poked in the Third Party Doctrine since its inception almost 40 years ago. If not for the Riley decision -- the one that recognized phones no longer resembled "containers" or "pockets," but rather contained a detailed depiction of a person's entire life -- the Supreme Court may not have arrived at this conclusion. But it was that decision that first conjured up the image of the government happily discovering people were carrying around personal tracking devices loaded with info 24 hours a day. Grabbing large quantities of CSLI -- 127 days in Carpenter's case -- turned cellphones into ad hoc ankle bracelets, allowing the government to reconstruct someone's movements over a period of months using only a subpoena.

The lower courts are now starting to apply the Carpenter ruling as defendants use this decision to challenge evidence against them. In this case reviewed by the Georgia Court of Appeals, the warrantless acquisition didn't involve cell site location info, but rather a vehicle's black box. Here are the facts of the case, from the decision [PDF]:

On December 15, 2014, the vehicle driven by Victor Lamont Mobley collided with a vehicle driven by W. M. W. M. and the passenger in his vehicle, C. F., were killed in the collision. Mobley was charged with reckless driving, two counts of homicide by vehicle in the first degree (alleging that he caused the deaths of W. M. and C. F. through the act of reckless driving), and speeding (alleging that he drove a vehicle at a speed of 97 miles per hour in a 45-mile-per-hour zone). Mobley moved to suppress evidence that was obtained from the airbag control module (“ACM”) in the vehicle he was driving, which showed that the vehicle was traveling at a speed of 97 miles per hour five seconds before airbag deployment.

Inevitable discovery was the call, with the trial court finding the ACM would have been removed and its data accessed following the crash, so the one-day delay between the original access and the search warrant was negligible. The appeals court dives a little deeper into the issue, bringing along Carpenter for the ride, but not until the concurring opinion. It first takes a look at the implications of the Supreme Court's Riley decision on the warrantless access to otherwise "hidden" info.

Mobley [...] contends that we should follow the reasoning employed by a Florida appellate court, which held (in a divided opinion) that a search warrant was required to access ACM data in an impounded vehicle. The Worsham court found that ACMs “document more than what is voluntarily conveyed to the public and the information is inherently different from the tangible ‘mechanical’ parts of a vehicle.” Citing Riley, supra and analogizing the ACM to a cell phone, the Worsham court reasoned that because the recorded data is not exposed to the public, and because the data is difficult to retrieve and interpret, there is a reasonable expectation of privacy in the data.

The court finds the access of ACM data does not approach the level of privacy intrusion warrantless access to a cellphone's contents would. What a driver does on a public road is observable by others, even if not to the level of detail an ACM provides.

We find that, under the circumstances in this case, Mobley did not have a reasonable expectation of privacy in the data from his vehicle’s ACM. See generally Bowling, supra. While an outside observer cannot ascertain the information regarding the use and functioning of a vehicle with the same level of precision as that captured by the ACM, there are outward manifestations of the functioning of some of the vehicle’s systems when a vehicle is operated on public roads. For example, a member of the public can observe a vehicle’s approximate speed; observe whether a vehicle’s brakes are being employed by seeing the vehicle slow down or stop or the brake lights come on, by hearing the sounds of sudden braking; and observe whether the driver is wearing a seatbelt. There is no reasonable expectation of privacy in such information because an individual knowingly exposes such information to the public.

[...]

Information regarding the mechanical functioning of the vehicle and its systems is qualitatively different from photographs, financial information, and other such personal data that may be found on a cell phone.

The Carpenter connection would be long-term data collecting by the ACM, which would allow the government to reconstruct a person's movements over a long period of time. But, as far as the court can tell, most -- if not all -- ACMs only record pertinent info at the time the airbag deploys. It is not a tracking device, wittingly or unwittingly.

The court signs off on its opinion by warning law enforcement that the best route is to always obtain a warrant, if possible.

We therefore limit our holding to the particular facts of this case, and note that future treatment of this issue will likewise depend on the specific facts of the cases under consideration. As such, we reiterate the strong preference for searches to be conducted pursuant to a warrant, see Jones v. State, 337 Ga. App. 545, 548 (1) (788 SE2d 132) (2016), and caution law enforcement officers faced with an investigative need to obtain data from a vehicle’s ACM to err on the side of caution by obtaining a search warrant before retrieving that information.

The concurring opinion notes a few things. First, some ACMs may collect more data than others, making these much more analogous to the CSLI obtained in the Carpenter case. That alone should prompt officers to seek a warrant before downloading the data -- especially when vehicles have been towed and held for a crash investigation. This removes any exigency and allows the search to continue on the court's time, rather than whenever officers feel like it.

It also notes getting a warrant first would be the safer choice as the removal of the ACM may very well qualify as a government trespass onto private property. The automobile exception may excuse cursory searches and inventory of a car's contents if it is removed from the scene of a stop, but it does not permit the government to obtain data from a vehicle's electronics.

The opinion reiterates the warning handed out by the majority: Get a warrant.

[L]aw enforcement will find it increasingly tricky to navigate the crossroads of ever-advancing technology and personal privacy as they relate to Fourth Amendment prohibitions. And this difficulty is only exacerbated by the fact that the decisions of the Supreme Court of the United States establish that warrantless searches are typically unreasonable where “a search is undertaken by law enforcement officials to discover evidence of criminal wrongdoing.” But as the Supreme Court emphasized once again in Carpenter v. United States, there remains a tried and true means of safely traversing these crossroads when law enforcement’s specific obligations under the Fourth Amendment are in doubt—get a warrant. This default position seems especially wise in light of the “equilibrium-adjustment” the Supreme Court of the United States recently made in Carpenter.

As for any arguments that new warrant requirements will harm law enforcement efficiency, the court waves them away by explaining the Fourth Amendment isn't supposed to make things easy for the government.

And while obtaining a warrant may not always lend itself to expediency, our republic’s Fourth Amendment jurisprudence has “historically recognized that the warrant requirement is ‘an important working part of our machinery of government,’ not merely an inconvenience to be somehow ‘weighed’ against the claims of police efficiency.”

It also notes that if anyone's losing the Tech Arms Race, it's citizens, not law enforcement. They're at the mercy of a judicial system that isn't known for its turn rate on tech-implicating cases.

I am confident the vast majority of our law enforcement officers will err on the side of caution and liberty, and get a warrant in cases like the one before us. The law always seems to be several steps behind technology, and this approach strikes me as the most prudent course of action going forward.

The main takeaway from Carpenter is this: Get. A. Warrant. Why take a chance a court may find whatever third party data you built a case on to be protected under the Fourth Amendment? A warrant -- even if badly/broadly written -- will generally score law enforcement some points in the "good faith" category, insulating obtained evidence from attempts to have it suppressed.

from the this-should-keep-this-out-of-the-Supreme-Court's-hands dept

Another challenge of the NIT (Network Investigative Technique) warrant used by the FBI during its investigation of a dark web child porn website has hit the appellate level. A handful of district courts have found the warrant used invalid, given the fact that its reach (worldwide) exceeded its jurisdictional grasp (the state of Virginia, where it was obtained). That hasn't had much of an effect on appeals court rulings, which have all found the warrant questionable to varying degrees, but have granted the FBI "good faith" for violating the jurisdictional limits the DOJ was attempting to have rewritten (Rule 41 -- which governs warrant jurisdictional limits, among other things) to allow it to do the things it was already doing.

Even though the FBI had to have known searches performed all over the world using one Virginia-based warrant violated Rule 41 limits, appellate judges have declared the FBI agent requesting the warrant wasn't enough of a legal expert to know this wasn't allowed. Two appeals courts have stated suppressing the evidence is pointless because the law changed after the jurisdiction limit violation took place. The appellate decisions have been troubling to say the least, providing further evidence that the good faith exception is the rule, rather than the outlier.

The latest decision [PDF] dealing with the NIT warrant comes from the Third Circuit Appeals Court. It, too, finds the warrant questionable. And it states the government has agreed the warrant was not valid under Rule 41(b).

The Government conceded below that “[a]lthough Rule 41 does authorize a judge to issue a search warrant for a search in another district in some circumstances, it does not explicitly do so in these circumstances.” App. 91 (Government Br. in Opposition to Motion to Suppress) (emphasis added).

The opinion goes on to note the government, having admitted its warrant was bad, then argued it was good because it was apparently thinking of a different part of Rule 41 when it applied for a warrant, even though none of this thought made its way into the affidavit as words.

On appeal, however, the Government curiously has reversed course, and now contends that the NIT was in fact explicitly authorized by Rule 41(b)(4), which provides that a magistrate judge may “issue a warrant to install within the district a tracking device; the warrant may authorize use of the device to track the movement of a person or property located within the district, outside the district, or both.” Fed. R. Crim. P. 41(b)(4) (emphasis added).

According to the Government, under this Rule, “the NIT warrant properly authorized use of the NIT to track the movement of information—the digital child pornography content requested by users who logged into Playpen’s website—as it traveled from the server in [EDVA] through the encrypted Tor network to its final destination: the users’ computers, wherever located.”

Wrong again, says the court, noting the disingenuousness of the government's goalpost move. (All emphasis added by me and not the court from this point forward.)

We need not resolve Werdene’s contention that the Government waived this argument because we find that the Government’s tracking device analogy is inapposite. As an initial matter, it is clear that the FBI did not believe that the NIT was a tracking device at the time that it sought the warrant. Warrants issued under Rule 41(b)(4) are specialized documents that are denominated “Tracking Warrant” and require the Government to submit a specialized “Application for a Tracking Warrant.” See ADMINISTRATIVE OFFICE OF U.S. COURTS, CRIMINAL FORMS AO 102 (2009) & AO 104 (2016). Here, the FBI did not submit an application for a tracking warrant – rather, it applied for, and received, a standard search warrant. Indeed, the term “tracking device” is absent from the NIT warrant application and supporting affidavit.

The court also helpfully finds that computer users have an expectation of privacy in their IP addresses and other identifying info housed in their computers. It points out the government obtained this directly from targets' computers rather than third parties, making this a Fourth Amendment search rather than a Third Party Doctrine case.

But that's where the good news ends for the defendant. The appeals court says the warrant was invalid the moment it was issued, but that this can't be held against the FBI. It rationalizes its opinion this way: suppression of evidence is for deterrence, not for righting the government's wrongs. So, it's OK for the FBI to rely on an invalid warrant because the judge made the error approving it. The FBI was not wrong to rely on the warrant, even though it very likely knew its request violated Rule 41 jurisdictional limits. Then it arrives at this conclusion -- one reached previously by another appeals court:

More importantly, the exclusionary rule “applies only where it ‘result[s] in appreciable deterrence.’” Herring, 555 U.S. at 141 (quoting Leon, 468 U.S. at 909) (emphasis added). Thus, even though Rule 41(b) did not authorize the magistrate judge to issue the NIT warrant, future law enforcement officers may apply for and obtain such a warrant pursuant to Rule 41(b)(6), which went into effect in December 2016 to authorize NIT-like warrants. Accordingly, a similar Rule 41(b) violation is unlikely to recur and suppression here will have no deterrent effect.

In other words, because it's now impossible for the FBI to engage in this violation of Rule 41, there's nothing to be gained by suppressing the evidence. In essence, the court is saying that if the DOJ can get laws changed quickly enough to codify earlier statutory violations, defendants challenging evidence based on legal violations that occurred before the law was changed are shit out of luck. Compare and contrast this to civil rights lawsuits where the courts have awarded good faith to law enforcement for apparent rights violations because they occurred before such acts were declared unconstitutional by precedential opinions. It's "heads I win, tails you lose" in federal courts, thanks to the good faith exception.

More cases will reach the appellate level but it hardly seems likely any of those will result in suppressed evidence for Playpen defendants. These findings will be reached despite most appellate judges declaring the underlying warrants void from the moment they were issued. Defendants asking for suppression are going to run into judges willing to forgive the FBI both before and after the fact, which means there's very little justice left in the justice system's tanks.

from the fifth-amendment-five-finger-discount dept

A ruling has been handed down by a federal judge finding the government's demands for fingerprints from multiple residents of a house do not implicate the Fifth Amendment. [h/t Brad Heath]

The underlying case -- still under seal -- bears some resemblance to one we discussed here about a year ago. Law enforcement sought a search warrant for a residence, which would allegedly house devices containing child pornography. The devices were suspected to be Apple products, which can be opened with fingerprints. The warrant asked for permission to compel the residents to supply their fingerprints -- both to unlock the devices and to ascribe possession to the person whose fingerprint unlocked them.

Surprisingly, the magistrate judge rejected the government's request. The government appealed the magistrate's rejection, kicking it up a level in the federal court system. The court notes in its ruling [PDF] that its review of magistrates' decisions isn't normally adversarial, but this case raises some questions in need of additional viewpoints.

Ordinarily, review of the magistrate judge’s decision on a warrant application would be ex parte. But because the magistrate judge’s thoughtful opinion addressed a novel question on the scope of the Fifth Amendment’s privilege against self-incrimination, the Court invited the Federal Defender Program in this District to file an amicus brief to defend the decision (the government did not object to the amicus participation). The Court is grateful for the Federal Defender Program’s excellent service in fulfilling this request.

The decision here comes down on the side of the government, decisively so. But that may be due to the specifics of the fingerprint application. Rather than directly asking the residents of the searched home to use Apple's TouchID to unlock the devices (which would require a specific finger known only to each resident), law enforcement officers will choose which finger each suspect must apply to the device.

Specifically, the constitutional text on which the right is premised only prevents the government from compelling a person from being a “witness” against himself. U.S. Const., amend. V. The Fifth Amendment provides, in pertinent part: “No person … shall be compelled in any criminal case to be a witness against himself.” Witnesses provide testimony, so that specifically is the forbidden compulsion: the government cannot force someone to provide a communication that is “testimonial” in character…

The same holds true for the fingerprint seizure sought by the government here. As noted earlier, and worth emphasizing again, the government agents will pick the fingers to be pressed on the Touch ID sensor, Affidavit ¶ 39 n.9, ¶ 41, so there is no need to engage the thought process of any of the residents at all in effectuating the seizure. The application of the fingerprint to the sensor is simply the seizure of a physical characteristic, and the fingerprint by itself does not communicate anything.

The court likely would have reached the same conclusion even if the government had demanded residents choose fingers themselves. (The court does not state -- nor is it reflected anywhere in the court's discussion -- that law enforcement is limited to one finger from each resident. To keep this from becoming a mockery of the court's intent, you would think this would be the case. Nothing on the record indicates, however, that the government gets one finger per person.)

What's depicted here clearly falls in line with previous decisions related to the Fifth Amendment implications of providing fingerprints to unlock devices. Physical properties like fingerprints haven't been considered testimonial because they're apparent, visible, and clearly linked to the individual under suspicion. Handing over a fingerprint requires no "testimonial" effort, courts have decided, even if the non-testimonial action produces a wealth of incriminating evidence.

The compelled production of passwords and PINs is still an open issue. How open is a matter of (judicial) opinion. So far, refusing the government's offer to provide the keys to possibly incriminating evidence has only conclusively proven to be a good way to spend an indefinite amount of time in jail. But it at least provides the slimmest hope a judge will find demands for passwords a violation of the Fifth Amendment. The case for fingerprints being testimonial hasn't found much sympathy in the courts, despite the application of fingerprints ultimately being every bit as revealing as typing in a password.

from the sunlight-disinfectant dept

It's amazing what effect a little public scrutiny has on government overreach. In the wake of inauguration day protests, the DOJ started fishing for information from internet service providers. First, it wanted info on all 1.2 million visitors of a protest website hosted by DreamHost. After a few months of bad publicity and legal wrangling, the DOJ was finally forced to severely restrict its demands for site visitor data.

Things went no better with the warrants served to Facebook. These demanded a long list of personal information and communications from three targeted accounts, along with the names of 6,000 Facebook users who had interacted with the protest site's Facebook page. Shortly before oral arguments were to be heard in the Washington DC court, the DOJ dropped its gag order.

The last minute removal of the gag order appears to have been done to avoid the establishment of unfavorable precedent. It looks like the government perhaps has further concerns about precedential limitations on warrants served to service providers. As Kate Conger reports for Engadget, the DOJ has decided to walk away from this particular warrant challenge.

In a court hearing today, the Department of Justice dropped its request for the names of an estimated 6,000 people who “liked” a Facebook page about an Inauguration Day protest, the American Civil Liberties Union said. The ACLU challenged several warrants related to protests against President Trump’s inauguration on Friday, one of which included the search, claiming they were over-broad.

The ACLU notes the judge seemed sympathetic to allegations of overreach. In response, the government has apparently reduced its demands to info from two arrested protestors' accounts and further limited the date range from which data is sought.

This isn't a good look for the government. Dropping demands before an order has been issued indicates the DOJ had some idea its demands were too broad. It also shows the government will make concessions, rather than risk adverse rulings.

Then there's the whole issue of seeking personal information on protesters. This sort of thing creates a very real chilling effect by threatening to turn over personal information to the same entity the protesters were protesting. Fortunately, the government has walked back most of its demands in both cases.

from the good-luck-limboing-under-that-low-bar,-defendants dept

The Ninth Circuit Appeals Court has handed down a decision which appears to lower the bar for probable cause. The government's evidence -- obtained via a warrantless search -- will remain unsuppressed. Here's the summary of the decision [PDF]:

The panel affirmed the district court’s order denying the defendant’s motion to suppress contraband seized during a warrantless search of the defendant’s truck.

The panel held that under the totality of the circumstances, there was probable cause to believe that contraband would be found in the truck, and that the search was therefore permissible under the automobile exception to the warrant requirement.

It's the "totality of the circumstances" that's the problem. The court did a lot of scribbling in the margins to help the government's probable cause math add up. The DEA had lots of stuff that was almost proof of something, but lots of key elements were missing. The opinion is riddled with details of agents verbally filling in gaps in their surveillance with assumptions.

[A]gents intercepted another call between Penitani and Faagai, in which Faagai was attempting to locate Penitani at the Pearlridge Shopping Center for what appeared to be a pre-planned meeting. Drug Enforcement Administration Special Agent Clement Sze (“Special Agent Sze”) testified that he believed that although agents were not able to conduct surveillance of that meeting, they believed, based on the entirety of their investigation, that Penitani and Mitchell were meeting Faagai to supply him with methamphetamine.

The beginning of the DEA's bad math: a meeting agents did not actually hear or see. More fuzzy math follows.

On November 5, 2012, agents intercepted a text message from Faagai to Penitani in which Faagai said that he was going to Costco in Kapolei “to buy food for [his] house” and that if Penitani “gotta buy food for [Penitani’s] house,” they should meet at Costco. Special Agent Sze testified that he believed that Faagai was using “food” as a code word for “money.”

Or it could just be food. Since the defense didn't challenge these assertions, the Appeals Court decides to take the agent at his word. Agents attempted to catch the dealers in the act, but missed an opportunity.

Agents traveled to the Costco in Kapolei and observed Penitani and his then girlfriend, Keschan Taylor, exit Costco and drive away. Agents did not see Faagai in the area, but Special Agent Sze testified that the agents believed that the meeting between Faagai and Penitani had already taken place.

Another unobserved meeting, presumed by the government to have taken place and, presumably, been of an illicit nature.

Having intercepted another conversation about "food" and "tools" to take place at a local restaurant, agents headed out to observe the hand-off. Again, they missed their marks.

Law enforcement agents conducted surveillance at the Jack In The Box and did not see Faagai or Penitani. At 8:14 p.m., agents intercepted a text message from Penitani to Faagai changing the location of the meeting to a 7-Eleven. The agents drove to the 7-Eleven at 8:30 p.m., where they saw Faagai in the parking lot, leaning into the passenger side window of Penitani’s car. Penitani and Faagai had already been there for approximately 15 minutes.

Once again, Special Agent Sze makes an assumption and, once again, the court finds it credible.

Special Agent Sze testified that he believed that the drug transaction had already occurred by the time agents arrived on scene.

Based on this wealth of horseshoe/hand grenade information, agents performed a pretextual stop and proceeded to search Faagai's vehicle without a warrant. A half-pound of methamphetamine was discovered along with the usual paraphernalia. The Appeals Court says all the gaps in info and all the assumptions made about unobserved meetings and unheard conversations are fine. It all adds up to Faagai's vehicle being the "more than likely" final resting spot of drugs no DEA agent actually saw change hands.

At the 7-Eleven, agents observed Faagai walk away from Penitani’s car and toward his own truck without anything in his hands. Agents did not observe the entirety of the meeting, which lasted roughly 15 minutes. Because the circumstances indicate the purpose of the meeting was to engage in a drug transaction, there is probable cause to believe that Penitani had delivered drugs (the promised “tools”) to Faagai, and that these drugs could be found in Faagai’s truck.

Why in Faagai’s truck? We know that there was probable cause to believe Penitani brought the “tools” (the drugs) so that Faagai could “get back to work” and not “lose [his] job” (deal the drugs). We know that Faagai arrived at the 7-Eleven in a vehicle, because he drove away in his truck. When the police saw Faagai leaning into the window of Penitani’s car, he had nothing in his hands.

Where could the “tools” (drugs) be located? In Penitani’s car? Unlikely, because the purpose of the meeting was for Penitani to deliver drugs to Faagai and Faagai left the scene in his truck. On Faagai’s person? Perhaps, but unlikely given that in prior transactions, Penitani had dealt in pounds of methamphetamine. Hidden in the environs of the 7-Eleven? Unlikely, given the high value of the drugs. In Faagai’s truck? More likely than not.

Judge Kozinski's dissent illustrates the dangers of allowing the government to substitute expertise for observation when it comes to commonly-used terms and meetings no one saw take place.

The government’s entire case rests on four meetings between Faagai and John Penitani, a suspected meth dealer. Despite observing most of these meetings and assiduously wiretapping Penitani’s phone, officers never saw a handoff of money or contraband, nor heard an explicit mention of drugs. In fact, they saw and heard nothing objectively suspicious.

The most probative evidence supporting the search was a conversation between Penitani and Faagai where they discussed meeting at Costco to buy food. Agents testified that they “believed [food] to be a code” for drugs. But there was no expert testimony or any other evidence supporting the speculation that food stood for drugs. See United States v. Bailey, 607 F.2d 237, 240 & n.6 (9th Cir. 1979) (discussing expert’s testimony on the meaning of alleged code words). Many people go to Costco to buy food. If talking about shopping for food at Costco were sufficient to justify a search, many of us would be searched by the police twice a week—thrice right before Thanksgiving. Nor does it make any sense to substitute food for drugs when talking about where to meet. If Penitani and Faagai were meeting up to conduct a drug deal, why specify the purpose of the meeting? Why say “Let’s meet at Costco for a drug transfer” rather than just “Let’s meet at Costco,” with the purpose of the meeting understood?

A few judges have called out the government for this behavior: making claims that would turn a large number of non-criminals into potential suspects. Drug dealers are humans and do human things just like millions of non-drug dealers. They shop at Costco just like innocent people do. But the government would have us believe -- "based on training and expertise" -- that common activities are suspicious, especially when the government is already engaged in an investigation. Even the most innocuous actions become sinister when the government is seeking to reach a foregone conclusion.

But there's more to it than that. Kozinski also points out the DEA's "training and expertise" statements often paint contradictory situations as equally suspicious. If the government wants to keep making arguments about common activities being the height of criminal suspicion, the least it could do is be consistent.

The fact that the two men decided to meet in a place with “hardly any people” cuts the wrong way. The government commonly argues that drug dealers intentionally seek out busy locations because a “high volume of pedestrian and vehicle traffic can mask drug-dealing activity.” United States v. Ruiz, 785 F.3d 1134, 1138 (7th Cir. 2015). Here, the government claims the opposite, evidently trying to have it both ways. At best, this fact is irrelevant: There was nothing incriminating about the two men’s preference for a quieter location.

Kozinski sums up his dissent this way:

The majority strings together a sequence of events like beads on a strand, but doesn’t explain how any of them provide probable cause that Faagai was carrying drugs in his car when he was stopped.

And here's the inevitable outcome of this decision, which is published and precedential:

Here’s what this case boils down to: Officers had a hunch that a drug transaction was going down. They saw nothing obviously suspicious, but got tired of waiting, watching and wiretapping. They then jumped the gun by executing a warrantless search. Until today, this was not enough to support probable cause, but going forward it will be. This is a green light for the police to search anyone’s property based on what officers subjectively believe—or claim to believe—about someone’s everyday conduct. That puts all of us at risk. Accordingly, I dissent, and I’m off to Costco to buy some food.

Edge cases like these need to be watched closely by judges. The courts have greatly expanded law enforcement power over the years at the expense of the Bill of Rights. Lowering probable cause to possible cause just makes it easier for officers to have their illegal search and their evidence too.

from the BUT-HER-OXY dept

How private are your medical records? You'd think they'd be pretty damn private, considering Congress specifically passed a law regulating the disclosure of these sensitive records. Some states feel the same way, extending even greater privacy protections to things like prescription records. Not only are medical entities prevented from passing on sensitive info without patients' consent, local law enforcement agencies aren't allowed to obtain third-party records like prescription data without a warrant.

Utah’s requirement for a warrant conflicts with the federal Controlled Substances Act (CSA), which permits the DEA to issue administrative subpoenas for information relating to individuals suspected of violations of the CSA. According to a US Department of Justice report, administrative subpoenas may be issued by the agency without judicial oversight and without the showing of probable cause that would be required for a warrant.

When states provide more protections to residents than the federal government's willing to grant, it's often the state laws that lose, especially when controlled substances are involved. Such is the case here, at least so far. The DEA demanded the release of patient info/prescription records without a warrant, something forbidden by Utah law. The state objected to the DEA's records demand. The DEA responded by flexing its considerable federal muscle.

The DEA countered with the Supremacy Clause: valid federal laws are superior to conflicting state laws.

The court ended up agreeing with the DEA: patient info and prescription records aren't afforded additional privacy protections, no matter what HIPAA/state laws have to say about the matter. The court's rationale was that prescription medicine is part of a "closely regulated" industry, which lowers the bar for government access. This lumps pharmacies and hospitals in with pawn shops, gun dealers, and adult filmmakers.

The Francis' point out this reading of close regulation and the DEA's Supremacy assertions is incredibly broad. It proposes nearly no limits to what the government can grab without a warrant. While the court discussed the possibility this should be limited to prescriptions containing controlled substances, it drew no precedential conclusions that may have shortened the government's reach.

And, indeed, there are no court decisions that grant reasonable privacy expectations to records most members of the public feel should be accessed only by them and their healthcare providers. The blog points to the last Supreme Court ruling related to patient privacy -- one that's nearly 40 years old at this point. All the Whalen v. Roe decision did was indicate the Court believed New York state's statutory privacy protections were enough and that there was no need to drag the Fourth Amendment into this. As we can see from the DEA's actions and assertions, statutory privacy protections mean nothing, not if the federal government can step in and override protections put in place by state and local governments.